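<?php
/*
 * Admin login handler for DicomScience.
 *
 * Reads `username` and `password` from POST, looks the account up in the
 * `staff` table and, when the stored password matches and the account has
 * userlevel 9, records the identity in the session and renders main.php.
 * Every other outcome renders the "no access" page.
 *
 * NOTE(review): this file relies on the legacy mysql_* extension (removed in
 * PHP 7). Moving to mysqli/PDO prepared statements would make the manual
 * escaping below unnecessary.
 */

// The original passed a bare constant here; PHP only treated it as the string
// 'DicomScienceAdmin' by falling back on an undefined-constant notice.
session_name('DicomScienceAdmin');
session_start();

// Read the credentials without assuming the POST indexes exist.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// No username supplied: back to the login form.
if ($username === '') {
    header('Location: index.php');
    exit();
}

include('../includes/gset.php');
include('../includes/database/connect.php');

// The username is attacker-controlled: escape it before it is placed inside
// the single-quoted SQL literal (the original interpolated it raw, so a
// crafted value could change the statement).
$safe_username = mysql_real_escape_string($username);
$sql_checkuser = "SELECT id_staff, username, password, lastname, firstname, userlevel FROM staff WHERE username = '$safe_username'";
$checkuser = mysql_query($sql_checkuser);

// Start from "no account" so that an unknown username or a failed query can
// never satisfy the credential check further down. (In the original, $pass
// and $lvl were simply undefined when no row came back.)
$id = null;
$name = null;
$pass = null;
$last = null;
$first = null;
$lvl = null;

// username is expected to be unique, so one row is all that is needed;
// a failed query yields false and leaves the defaults in place.
$usr = $checkuser ? mysql_fetch_object($checkuser) : false;
if ($usr) {
    $id = $usr->id_staff;
    $name = $usr->username;
    $pass = $usr->password;
    $last = $usr->lastname;
    $first = $usr->firstname;
    $lvl = $usr->userlevel;
}

// Close the connection only after the result set has been consumed.
include('../includes/database/closedb.php');

// Strict comparisons throughout. The original used `==` for the password and
// `$lvl = '9'` for the level, i.e. an assignment rather than a comparison, so
// the userlevel condition was always true and an empty password matched a
// missing account.
// NOTE(review): the stored password is compared as plain text; move to
// password_hash()/password_verify() once the schema can change.
if ($usr && $pass === $password && (string) $lvl === '9') {

    // Issue a fresh session id when the privilege level changes so an id
    // handed out before login cannot be reused afterwards.
    session_regenerate_id(true);

    # Store Session Variables:
    $_SESSION['userId'] = $id;
    $_SESSION['userLevel'] = $lvl;
    $_SESSION['username'] = $first." ".$last;
    include('main.php');

} else {

    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">";
    echo "<html>";
    echo "<head>";
    echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">";
    echo "<title>DicomScience Administration</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"admin.css\">";
    echo "<script src=\"admin.js\" type=\"text/javascript\"></script>";
    echo "</head>";
    echo "<body onload=\"noaccess()\" onresize=\"noaccess()\">";
    echo "<div id=\"overlay\">";
    echo "<div id=\"noaccess\">";
    echo "</div>";
    echo "</div>";
    echo "</body>";
    echo "</html>";

}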
